Session affinity, load balancing controls, gRPC-Web, and Ambassador 0.52
10 hours ago, ambassador

Today’s cloud native applications are composed of multiple heterogeneous (micro)services, communicating with clients and with each other in a wide variety of protocols and over a wide range of topologies. We’ve seen this first hand with Ambassador, which is being deployed in increasingly diverse workloads and environments. Our goal with Ambassador is to make it the best cloud-native API Gateway on the planet. To that end, we’re excited to announce Ambassador 0.52, which adds the following new ca...

Use Ambassador Gateway with Knative Serving
6 days ago, ambassador

This is a guest post from Justin Brulotte, a DevOps intern at AppDirect who worked on integrating Ambassador with Knative. I love Ambassador. The config is so easy to do and easy to understand. I recently worked with Knative and tried to make it work with Ambassador. What is Knative? Knative is a set of tools to make Serverless Applications on a Kubernetes cluster. This is an open source project backed by Google, Red Hat, Pivotal and more. Knative makes use of Istio for Gateway to the function, ...

Routing in a Multi-Platform Data Center: From VMs to Kubernetes, via Ambassador
1 week ago, ambassador

At Datawire, we are seeing more organizations migrating to their “next-generation” cloud-native platform built around Docker and Kubernetes. However, this migration doesn’t happen overnight. Instead, we see the proliferation of multi-platform data centers and cloud environments where applications span both VMs and containers. In these data centers the Ambassador API gateway is being used as a central point of ingress, consolidating authentication, rate limiting, and other cross-cutting operation...

Ambassador 0.51: TCP!
1 week ago, ambassador

We’re excited to announce a brand-new feature in Ambassador 0.51: TCP Routing. 0.51 includes the following features and fixes: Can route any TCP connection using the new TCPMapping resource (#420); Support TLS pass-through using the aforementioned TCPMapping; Cookies are now correctly handled when using ExtAuth (#1211). TCP Routing: Many of our users have been looking to extend Ambassador to broader routing use cases with protocols other than the standard L7 protocols supported by Ambassador (e.g., HTTP,...

Announcing Ambassador Pro 0.2: Custom filters, JWT, and much more!
2 weeks ago, ambassador

We’re excited to announce Ambassador Pro 0.2. As Ambassador has been deployed in increasingly complex environments, we’ve found that organizations are standardizing on Ambassador as a single ingress point for a wide spectrum of applications. Each application frequently has different requirements for ingress: they may require different authentication mechanisms, different rate limits, and so forth. With this release, we’re introducing a new set of capabilities to dramatically improve your ability ...

Announcing Ambassador Pro 0.2: Filters and Filter Policies
2 weeks ago, ambassador

Ambassador Pro 0.2 introduces a powerful new capability: Filters and Filter Policies. With filters, Ambassador can manipulate incoming requests before they are routed to your upstream service. This opens up many new possibilities. For example: You can use an HTTP basic authentication filter for requests to /foo, while using an OAuth filter for requests to /bar. You can dynamically route requests to different services based on a given customer ID or re...

Implementing Authentication with the Ambassador API Gateway: OAuth, IdPs, OIDC, Oh My…
2 weeks ago, ambassador

The implementation of an effective authentication strategy is vital to any application’s security solution, as it is a key part of determining a user’s identity, and stopping bad actors from masquerading as others, particularly within parts of your system that access sensitive data. Typically with web applications the authentication is implemented at the edge, either via an API/edge gateway like Ambassador or Envoy, or via a top-level request filter within your application framework. It is also i...

Ambassador and the Cloud Native Ecosystem — Part 1: Monitoring
3 weeks ago, ambassador

As the cloud native ecosystem continues to grow, we’ve been working hard alongside the Ambassador community to provide integrations with other key projects in the fast-moving ecosystem. In a Cloud Native world, microservices are running with ephemeral containers that are regularly deployed to multiple availability zones, regions, and even multiple clouds. As these cloud native applications become more complex, our supporting solutions ...

Rearchitecting the Ambassador Internals to Support Envoy Proxy v2 and use the Aggregate Discovery…
1 month ago, ambassador

Rearchitecting the Ambassador Internals to Support Envoy Proxy v2 and use the Aggregate Discovery Service (ADS). At the end of January we announced the latest General Availability release of our Kubernetes-native API gateway, Ambassador 0.50. We talked about the new headline features included such as Server Name Indication (SNI), “request labels” which add metadata to requests and can be used for advanced rate limiting, enhanced integration with statsd, improved TLS certificate reload, and support...

Using JetStack’s Kubernetes cert-manager to Automatically Renew TLS Certificates in the Ambassador…
1 month ago, ambassador

Using JetStack’s Kubernetes cert-manager to Automatically Renew TLS Certificates in the Ambassador API Gateway. For anyone exposing applications or services over the web, security is of paramount importance. The modern approach to threat modeling is highly valuable, and although everyone needs to embrace security throughout the software design and build lifecycle, today I want to focus on implementing effective Transport Layer Security (TLS) within Kubernetes, using the open source Ambassador API ...

Ambassador 0.50.2 available
1 month ago, ambassador

We’re releasing Ambassador 0.50.2, a bug fix release to Ambassador 0.50. Ambassador 0.50.2 includes the following fixes: Ambassador no longer requires annotations in order to start. With no configuration, it will launch with only the diagnostics service available (#1203). If external auth changes header values, routing will happen based on the changed values (#1226). Ambassador no longer attempts to retrieve stats before Envoy starts running (#1216). The tls attribute is again available to control t...

Ambassador is now in the Helm stable repository
1 month ago, ambassador

We’re moving the official Ambassador Helm chart to the Helm stable repository: https://hub.helm.sh/charts/stable/ambassador. This chart features a number of core improvements, including: Integrated Prometheus stats exporter; Support for running as non-root (which is now set by default); Much more configurability with additional parameters such as service.externalTrafficPolicy and replicaCount. Credit for this work goes to Markus Maga, who has been the driving force behind all this Helm work. Install and ...

Surviving a sudden spike in website traffic — Global rate limiting with Ambassador
1 month ago, ambassador

Imagine your website gets on the front page of Hacker News. Traffic starts to skyrocket. Unfortunately, your website isn’t ready for this. Your database starts to topple under the load. With degraded performance, users start hitting reload in their browser, hoping to get a request through — which adds even more load to your server. What do you do? Global rate limiting: You want to mitigate the performance issues as qui...

Ambassador 0.50.1 available
1 month ago, ambassador

We’re releasing Ambassador 0.50.1, a bug fix release to Ambassador 0.50. Ambassador 0.50.1 includes the following fixes: Defaults to only doing IPv4 DNS lookups. IPv6 can be enabled in the Ambassador module or in a Mapping. (#944) Fix spin loop where an invalid Envoy configuration would cause Ambassador to hang. Fix Docker support, so docker run and docker compose are supported. (#1160) Configuration from the filesystem is supported again; see the Running Ambassador documentation for details. Ambassa...

Ambassador Pro: Multi-Domain Auth, Service Preview, and more
1 month ago, ambassador

Over the past few weeks, we’ve added a number of new features to Ambassador Pro to accelerate your adoption of Kubernetes services. In this post, we’ll review some of the key new capabilities introduced in Pro. Multi-Domain Authentication: Many organizations have multiple domains, e.g., at Datawire, we manage microservices.com, datawire.io, telepresence.io, and getambassador.io. With Ambassador Pro, you can publish all of these services from a single Kubernetes cluster and Ambassador Pro installati...

Announcing Ambassador 0.50
1 month ago, ambassador

Announcing Ambassador 0.50 GA: The Kubernetes-Native Gateway Now Includes SNI, Auth Improvement, and Envoy v2 Support. Over the past year, usage of Ambassador has skyrocketed, with companies such as AppDirect, Chick-Fil-A, Onefootball, and Google Kubeflow using Ambassador as an API Gateway in Kubernetes. Today, we’re thrilled to announce the general availability release of Ambassador 0.50, which adds a raft of new capabilities for both our new and existing customers. Organizations that are migratin...

Ambassador 0.50 GA Release Notes: SNI, New AuthService and Envoy v2 Support
1 month ago, ambassador

We are pleased to announce the GA release of Ambassador 0.50, with the headline features of Server Name Indication (SNI) support, more powerful rate limiting semantics, and a new AuthService. This release includes a major re-architecture under the hood that adds support for the Envoy Proxy v2 API and also uses the Aggregate Discovery Service (ADS) functionality, which removes the need for hot restarts. We are extremely grateful for everyone who contributed to this release, and also those who offe...

Case Study: How Onefootball saved more than $20,000/year with Ambassador
1 month ago, ambassador

This article is based on an interview with Jonathan Beber, SRE/DevOps Engineer, and Rodrigo Vieira Del Monte, DevOps Engineer, at Onefootball. Can you tell us about yourself and what your company does? Can you describe your cloud application and its general workload (e.g., requests/second, # of services, etc.)? Onefootball is a football media company with more than 10M monthly active users delivering more than 10TB of content per day. We run in a Kubernetes environment with more than 50 microservi...

Ambassador 0.50 RC6 (final RC!) is now available
1 month ago, ambassador

Ambassador 0.50 RC6 is now available. RC6 is the final release candidate we’re planning before GA. Ambassador 0.50 includes some significant architectural changes to Ambassador: Ambassador now uses Envoy’s v2 configuration, which allows us to support many commonly requested features such as SNI and gzip compression. Ambassador has vastly improved connection draining semantics under load (> 1000 requests per second), as Ambassador 0.50 uses Envoy’s Aggregated Discovery Service API for configuration ...

Service Preview: Accelerating your design-code-test cycle with Ambassador and Telepresence
1 month ago, ambassador

Developers creating microservices face a common challenge related to the design-code-test cycle: integration testing against other services during development. For example, engineers are often forced to create (potentially brittle and unrealistic) mocks, or try to spin up a full stack locally. The new Service Preview feature of Ambassador Pro, built on the Telepresence local-to-remote Kubernetes project, aims to help developers solve this problem, accelerating their design-code-test cycle. Cur...
